<!DOCTYPE html>
<html lang="zh-CN">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width,initial-scale=1">
    <title>Spring Security 总结 | 寒冷如铁</title>
    <meta name="generator" content="VuePress 1.8.2">
    <link rel="icon" href="/blog/favicon.ico">
    <script language="javascript" type="text/javascript" src="https://cdn.bootcdn.net/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
    <script language="javascript" type="text/javascript" src="/blog/js/MouseClickEffect.js"></script>
    <meta name="description" content="好奇就尝试，喜欢就坚持！">
    <meta name="viewport" content="width=device-width,initial-scale=1,user-scalable=no">
    
    <link rel="preload" href="/blog/assets/css/0.styles.01ca31a9.css" as="style"><link rel="preload" href="/blog/assets/js/app.0c46c7d8.js" as="script"><link rel="preload" href="/blog/assets/js/3.5679fe00.js" as="script"><link rel="preload" href="/blog/assets/js/1.8cdd2163.js" as="script"><link rel="preload" href="/blog/assets/js/75.5d297adc.js" as="script"><link rel="prefetch" href="/blog/assets/js/10.0b6ffd8d.js"><link rel="prefetch" href="/blog/assets/js/11.d27e4c34.js"><link rel="prefetch" href="/blog/assets/js/12.ba5bd991.js"><link rel="prefetch" href="/blog/assets/js/13.ab5bead7.js"><link rel="prefetch" href="/blog/assets/js/14.124a0dc3.js"><link rel="prefetch" href="/blog/assets/js/15.ac521310.js"><link rel="prefetch" href="/blog/assets/js/16.b32290db.js"><link rel="prefetch" href="/blog/assets/js/17.d65c6ccd.js"><link rel="prefetch" href="/blog/assets/js/18.0a7a10ef.js"><link rel="prefetch" href="/blog/assets/js/19.e0e5e91a.js"><link rel="prefetch" href="/blog/assets/js/20.bcc0e382.js"><link rel="prefetch" href="/blog/assets/js/21.59edea58.js"><link rel="prefetch" href="/blog/assets/js/22.8239cecf.js"><link rel="prefetch" href="/blog/assets/js/23.48516c82.js"><link rel="prefetch" href="/blog/assets/js/24.4e1a046f.js"><link rel="prefetch" href="/blog/assets/js/25.56c0a228.js"><link rel="prefetch" href="/blog/assets/js/26.fb764e02.js"><link rel="prefetch" href="/blog/assets/js/27.f96c7435.js"><link rel="prefetch" href="/blog/assets/js/28.31139fa0.js"><link rel="prefetch" href="/blog/assets/js/29.fa31f05f.js"><link rel="prefetch" href="/blog/assets/js/30.49c791b1.js"><link rel="prefetch" href="/blog/assets/js/31.68660a8e.js"><link rel="prefetch" href="/blog/assets/js/32.4e07e3b0.js"><link rel="prefetch" href="/blog/assets/js/33.e08324f8.js"><link rel="prefetch" href="/blog/assets/js/34.9153a266.js"><link rel="prefetch" href="/blog/assets/js/35.49d3bb37.js"><link rel="prefetch" href="/blog/assets/js/36.5a46a47a.js"><link rel="prefetch" href="/blog/assets/js/37.2403de70.js"><link rel="prefetch" href="/blog/assets/js/38.794a3bde.js"><link rel="prefetch" href="/blog/assets/js/39.185570eb.js"><link rel="prefetch" href="/blog/assets/js/4.a5921925.js"><link rel="prefetch" href="/blog/assets/js/40.b5ddc5b2.js"><link rel="prefetch" href="/blog/assets/js/41.81f131ab.js"><link rel="prefetch" href="/blog/assets/js/42.474cb45b.js"><link rel="prefetch" href="/blog/assets/js/43.fe269b94.js"><link rel="prefetch" href="/blog/assets/js/44.123909bf.js"><link rel="prefetch" href="/blog/assets/js/45.85e17df3.js"><link rel="prefetch" href="/blog/assets/js/46.96eb5367.js"><link rel="prefetch" href="/blog/assets/js/47.2c06ceb7.js"><link rel="prefetch" href="/blog/assets/js/48.dcaa5d75.js"><link rel="prefetch" href="/blog/assets/js/49.47475370.js"><link rel="prefetch" href="/blog/assets/js/5.a6bfa893.js"><link rel="prefetch" href="/blog/assets/js/50.29aa41a9.js"><link rel="prefetch" href="/blog/assets/js/51.b049cb19.js"><link rel="prefetch" href="/blog/assets/js/52.9f16a8d1.js"><link rel="prefetch" href="/blog/assets/js/53.9ccedc0d.js"><link rel="prefetch" href="/blog/assets/js/54.c16fde39.js"><link rel="prefetch" href="/blog/assets/js/55.3d2e78cc.js"><link rel="prefetch" href="/blog/assets/js/56.14b1dddb.js"><link rel="prefetch" href="/blog/assets/js/57.a48eb0da.js"><link rel="prefetch" href="/blog/assets/js/58.db985774.js"><link rel="prefetch" href="/blog/assets/js/59.dbb67461.js"><link rel="prefetch" href="/blog/assets/js/6.d5f7873e.js"><link rel="prefetch" href="/blog/assets/js/60.fd9edd5c.js"><link rel="prefetch" href="/blog/assets/js/61.c87eaa37.js"><link rel="prefetch" href="/blog/assets/js/62.09bd4303.js"><link rel="prefetch" href="/blog/assets/js/63.c3a4cb82.js"><link rel="prefetch" href="/blog/assets/js/64.1e623e6b.js"><link rel="prefetch" href="/blog/assets/js/65.5ee98079.js"><link rel="prefetch" href="/blog/assets/js/66.875fdeb3.js"><link rel="prefetch" href="/blog/assets/js/67.52e4feee.js"><link rel="prefetch" href="/blog/assets/js/68.09bb6522.js"><link rel="prefetch" href="/blog/assets/js/69.e5cc1032.js"><link rel="prefetch" href="/blog/assets/js/7.63c57787.js"><link rel="prefetch" href="/blog/assets/js/70.a2307508.js"><link rel="prefetch" href="/blog/assets/js/71.75bc515a.js"><link rel="prefetch" href="/blog/assets/js/72.f7d10a87.js"><link rel="prefetch" href="/blog/assets/js/73.ae777bb5.js"><link rel="prefetch" href="/blog/assets/js/74.ddd90b9a.js"><link rel="prefetch" href="/blog/assets/js/76.299aaa21.js"><link rel="prefetch" href="/blog/assets/js/77.c93068f7.js"><link rel="prefetch" href="/blog/assets/js/78.727916c9.js"><link rel="prefetch" href="/blog/assets/js/79.605f2aff.js"><link rel="prefetch" href="/blog/assets/js/8.22284503.js"><link rel="prefetch" href="/blog/assets/js/80.0081929d.js"><link rel="prefetch" href="/blog/assets/js/9.8e870e00.js">
    <link rel="stylesheet" href="/blog/assets/css/0.styles.01ca31a9.css">
  </head>
  <body>
    <div id="app" data-server-rendered="true"><div class="theme-container" data-v-19557b78><div data-v-19557b78><div id="loader-wrapper" class="loading-wrapper" data-v-d48f4d20 data-v-19557b78 data-v-19557b78><div class="loader-main" data-v-d48f4d20><div data-v-d48f4d20></div><div data-v-d48f4d20></div><div data-v-d48f4d20></div><div data-v-d48f4d20></div></div> <!----> <!----></div> <div class="password-shadow password-wrapper-out" style="display:none;" data-v-64685f0e data-v-19557b78 data-v-19557b78><h3 class="title" style="display:none;" data-v-64685f0e data-v-64685f0e>寒冷如铁</h3> <!----> <label id="box" class="inputBox" style="display:none;" data-v-64685f0e data-v-64685f0e><input type="password" value="" data-v-64685f0e> <span data-v-64685f0e>Konck! Knock!</span> <button data-v-64685f0e>OK</button></label> <div class="footer" style="display:none;" data-v-64685f0e data-v-64685f0e><span data-v-64685f0e><i class="iconfont reco-theme" data-v-64685f0e></i> <a target="blank" href="https://vuepress-theme-reco.recoluan.com" data-v-64685f0e>vuePress-theme-reco</a></span> <span data-v-64685f0e><i class="iconfont reco-copyright" data-v-64685f0e></i> <a data-v-64685f0e><span data-v-64685f0e>寒铁</span>
            
          <span data-v-64685f0e>2020 - </span>
          2022
        </a></span></div></div> <div class="hide" data-v-19557b78><header class="navbar" data-v-19557b78><div class="sidebar-button"><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" role="img" viewBox="0 0 448 512" class="icon"><path fill="currentColor" d="M436 124H12c-6.627 0-12-5.373-12-12V80c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12z"></path></svg></div> <a href="/blog/" class="home-link router-link-active"><!----> <span class="site-name">寒冷如铁</span></a> <div class="links"><div class="color-picker"><a class="color-button"><i class="iconfont reco-color"></i></a> <div class="color-picker-menu" style="display:none;"><div class="mode-options"><h4 class="title">Choose mode</h4> <ul class="color-mode-options"><li class="dark">dark</li><li class="auto active">auto</li><li class="light">light</li></ul></div></div></div> <div class="search-box"><i class="iconfont reco-search"></i> <input aria-label="Search" autocomplete="off" spellcheck="false" value=""> <!----></div> <nav class="nav-links can-hide"><div class="nav-item"><a href="/blog/" class="nav-link"><i class="iconfont reco-home"></i>
  首页
</a></div><div class="nav-item"><div class="dropdown-wrapper"><a class="dropdown-title"><span class="title"><i class="iconfont reco-category"></i>
      分类
    </span> <span class="arrow right"></span></a> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/blog/categories/build/" class="nav-link"><i class="iconfont undefined"></i>
  build
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/db/" class="nav-link"><i class="iconfont undefined"></i>
  db
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/docker/" class="nav-link"><i class="iconfont undefined"></i>
  docker
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/workflow/" class="nav-link"><i class="iconfont undefined"></i>
  workflow
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/git/" class="nav-link"><i class="iconfont undefined"></i>
  git
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/java/" class="nav-link"><i class="iconfont undefined"></i>
  java
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/source/" class="nav-link"><i class="iconfont undefined"></i>
  source
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/linux/" class="nav-link"><i class="iconfont undefined"></i>
  linux
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/network/" class="nav-link"><i class="iconfont undefined"></i>
  network
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/python/" class="nav-link"><i class="iconfont undefined"></i>
  python
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/project/" class="nav-link"><i class="iconfont undefined"></i>
  project
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/share/" class="nav-link"><i class="iconfont undefined"></i>
  share
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/software/" class="nav-link"><i class="iconfont undefined"></i>
  software
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/spring/" class="nav-link"><i class="iconfont undefined"></i>
  spring
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/tomcat/" class="nav-link"><i class="iconfont undefined"></i>
  tomcat
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/web/" class="nav-link"><i class="iconfont undefined"></i>
  web
</a></li></ul></div></div><div class="nav-item"><a href="/blog/tag/" class="nav-link"><i class="iconfont reco-tag"></i>
  标签
</a></div><div class="nav-item"><a href="/blog/views/guide.html" class="nav-link"><i class="iconfont reco-other"></i>
  记录
</a></div><div class="nav-item"><a href="/blog/timeline/" class="nav-link"><i class="iconfont reco-date"></i>
  时间线
</a></div><div class="nav-item"><div class="dropdown-wrapper"><a class="dropdown-title"><span class="title"><i class="iconfont reco-message"></i>
      外链
    </span> <span class="arrow right"></span></a> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="https://github.com/huhuhan" target="_blank" rel="noopener noreferrer" class="nav-link external"><i class="iconfont reco-github"></i>
  GitHub
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://gitee.com/huhu_han" target="_blank" rel="noopener noreferrer" class="nav-link external"><i class="iconfont reco-other"></i>
  Gitee
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://console.leancloud.app/#/apps" target="_blank" rel="noopener noreferrer" class="nav-link external"><i class="iconfont reco-other"></i>
  有道云笔记
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://console.leancloud.app/#/apps" target="_blank" rel="noopener noreferrer" class="nav-link external"><i class="iconfont reco-other"></i>
  LeadCloud
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://cloud.seafile.com/" target="_blank" rel="noopener noreferrer" class="nav-link external"><i class="iconfont reco-other"></i>
  Seafile
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://huhu_han.gitee.io/downgit" target="_blank" rel="noopener noreferrer" class="nav-link external"><i class="iconfont reco-other"></i>
  DownGit
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li></ul></div></div> <!----></nav></div></header> <div class="sidebar-mask" data-v-19557b78></div> <aside class="sidebar" data-v-19557b78><div class="personal-info-wrapper" data-v-b038cec6><img src="/blog/avatar.png" alt="author-avatar" class="personal-img" data-v-b038cec6> <h3 class="name" data-v-b038cec6>
    寒铁
  </h3> <div class="num" data-v-b038cec6><div data-v-b038cec6><h3 data-v-b038cec6>66</h3> <h6 data-v-b038cec6>文章</h6></div> <div data-v-b038cec6><h3 data-v-b038cec6>17</h3> <h6 data-v-b038cec6>标签</h6></div></div> <hr data-v-b038cec6></div> <nav class="nav-links"><div class="nav-item"><a href="/blog/" class="nav-link"><i class="iconfont reco-home"></i>
  首页
</a></div><div class="nav-item"><div class="dropdown-wrapper"><a class="dropdown-title"><span class="title"><i class="iconfont reco-category"></i>
      分类
    </span> <span class="arrow right"></span></a> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/blog/categories/build/" class="nav-link"><i class="iconfont undefined"></i>
  build
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/db/" class="nav-link"><i class="iconfont undefined"></i>
  db
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/docker/" class="nav-link"><i class="iconfont undefined"></i>
  docker
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/workflow/" class="nav-link"><i class="iconfont undefined"></i>
  workflow
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/git/" class="nav-link"><i class="iconfont undefined"></i>
  git
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/java/" class="nav-link"><i class="iconfont undefined"></i>
  java
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/source/" class="nav-link"><i class="iconfont undefined"></i>
  source
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/linux/" class="nav-link"><i class="iconfont undefined"></i>
  linux
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/network/" class="nav-link"><i class="iconfont undefined"></i>
  network
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/python/" class="nav-link"><i class="iconfont undefined"></i>
  python
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/project/" class="nav-link"><i class="iconfont undefined"></i>
  project
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/share/" class="nav-link"><i class="iconfont undefined"></i>
  share
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/software/" class="nav-link"><i class="iconfont undefined"></i>
  software
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/spring/" class="nav-link"><i class="iconfont undefined"></i>
  spring
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/tomcat/" class="nav-link"><i class="iconfont undefined"></i>
  tomcat
</a></li><li class="dropdown-item"><!----> <a href="/blog/categories/web/" class="nav-link"><i class="iconfont undefined"></i>
  web
</a></li></ul></div></div><div class="nav-item"><a href="/blog/tag/" class="nav-link"><i class="iconfont reco-tag"></i>
  标签
</a></div><div class="nav-item"><a href="/blog/views/guide.html" class="nav-link"><i class="iconfont reco-other"></i>
  记录
</a></div><div class="nav-item"><a href="/blog/timeline/" class="nav-link"><i class="iconfont reco-date"></i>
  时间线
</a></div><div class="nav-item"><div class="dropdown-wrapper"><a class="dropdown-title"><span class="title"><i class="iconfont reco-message"></i>
      外链
    </span> <span class="arrow right"></span></a> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="https://github.com/huhuhan" target="_blank" rel="noopener noreferrer" class="nav-link external"><i class="iconfont reco-github"></i>
  GitHub
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://gitee.com/huhu_han" target="_blank" rel="noopener noreferrer" class="nav-link external"><i class="iconfont reco-other"></i>
  Gitee
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://console.leancloud.app/#/apps" target="_blank" rel="noopener noreferrer" class="nav-link external"><i class="iconfont reco-other"></i>
  有道云笔记
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://console.leancloud.app/#/apps" target="_blank" rel="noopener noreferrer" class="nav-link external"><i class="iconfont reco-other"></i>
  LeadCloud
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://cloud.seafile.com/" target="_blank" rel="noopener noreferrer" class="nav-link external"><i class="iconfont reco-other"></i>
  Seafile
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li><li class="dropdown-item"><!----> <a href="https://huhu_han.gitee.io/downgit" target="_blank" rel="noopener noreferrer" class="nav-link external"><i class="iconfont reco-other"></i>
  DownGit
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li></ul></div></div> <!----></nav>  <ul class="sidebar-links"><li><section class="sidebar-group depth-0"><p class="sidebar-heading open"><span>Spring Security 总结</span> <!----></p> <ul class="sidebar-links sidebar-group-items"><li><a href="/blog/views/spring/spring-security.html#简介" class="sidebar-link">简介</a><ul class="sidebar-sub-headers"></ul></li><li><a href="/blog/views/spring/spring-security.html#总结" class="sidebar-link">总结</a><ul class="sidebar-sub-headers"><li class="sidebar-sub-header"><a href="/blog/views/spring/spring-security.html#认证" class="sidebar-link">认证</a></li><li class="sidebar-sub-header"><a href="/blog/views/spring/spring-security.html#鉴权" class="sidebar-link">鉴权</a></li><li class="sidebar-sub-header"><a href="/blog/views/spring/spring-security.html#其他过滤器" class="sidebar-link">其他过滤器</a></li><li class="sidebar-sub-header"><a href="/blog/views/spring/spring-security.html#异常处理" class="sidebar-link">异常处理</a></li><li class="sidebar-sub-header"><a href="/blog/views/spring/spring-security.html#安全配置-3" class="sidebar-link">安全配置</a></li><li class="sidebar-sub-header"><a href="/blog/views/spring/spring-security.html#扩展" class="sidebar-link">扩展</a></li></ul></li><li><a href="/blog/views/spring/spring-security.html#源码" class="sidebar-link">源码</a><ul class="sidebar-sub-headers"><li class="sidebar-sub-header"><a href="/blog/views/spring/spring-security.html#认证对象" class="sidebar-link">认证对象</a></li><li class="sidebar-sub-header"><a href="/blog/views/spring/spring-security.html#认证过滤器-2" class="sidebar-link">认证过滤器</a></li><li class="sidebar-sub-header"><a href="/blog/views/spring/spring-security.html#认证管理器" class="sidebar-link">认证管理器</a></li><li class="sidebar-sub-header"><a href="/blog/views/spring/spring-security.html#认证程序" class="sidebar-link">认证程序</a></li><li class="sidebar-sub-header"><a href="/blog/views/spring/spring-security.html#鉴权过滤器-2" class="sidebar-link">鉴权过滤器</a></li></ul></li></ul></section></li></ul> </aside> <div class="password-shadow password-wrapper-in" style="display:none;" data-v-64685f0e data-v-19557b78><h3 class="title" style="display:none;" data-v-64685f0e data-v-64685f0e>Spring Security 总结</h3> <!----> <label id="box" class="inputBox" style="display:none;" data-v-64685f0e data-v-64685f0e><input type="password" value="" data-v-64685f0e> <span data-v-64685f0e>Konck! Knock!</span> <button data-v-64685f0e>OK</button></label> <div class="footer" style="display:none;" data-v-64685f0e data-v-64685f0e><span data-v-64685f0e><i class="iconfont reco-theme" data-v-64685f0e></i> <a target="blank" href="https://vuepress-theme-reco.recoluan.com" data-v-64685f0e>vuePress-theme-reco</a></span> <span data-v-64685f0e><i class="iconfont reco-copyright" data-v-64685f0e></i> <a data-v-64685f0e><span data-v-64685f0e>寒铁</span>
            
          <span data-v-64685f0e>2020 - </span>
          2022
        </a></span></div></div> <div data-v-19557b78><main class="page"><div class="page-title" style="display:none;"><h1>Spring Security 总结</h1> <hr> <div data-v-484a899e><i class="iconfont reco-account" data-v-484a899e><span data-v-484a899e>寒铁</span></i> <i class="iconfont reco-date" data-v-484a899e><span data-v-484a899e>2020-05-31</span></i> <i class="iconfont reco-eye" data-v-484a899e><span id="/blog/views/spring/spring-security.html" data-flag-title="Your Article Title" class="leancloud-visitors" data-v-484a899e><a class="leancloud-visitors-count" style="font-size:.9rem;font-weight:normal;color:#999;"></a></span></i> <i class="iconfont reco-tag tags" data-v-484a899e><span class="tag-item" data-v-484a899e>
      spring
    </span><span class="tag-item" data-v-484a899e>
      source
    </span></i></div></div> <div class="theme-reco-content content__default" style="display:none;"><blockquote><p>以下是从<strong>过滤器链</strong>角度开始分析，后续可以从oauth2的<strong>TokenEndpoint</strong>（即controller）角度分析</p></blockquote> <h2 id="简介"><a href="#简介" class="header-anchor">#</a> 简介</h2> <p>Spring Security 主要功能：<strong>认证、鉴权</strong></p> <p>主要基于 Servlet Filter实现</p> <p>主要设计模式：适配器模式</p> <p>下载：</p> <ul><li><a href="http://huhu_han.gitee.io/downgit/#/home?url=https://github.com/huhuhan/demo-all/tree/master/demo2018/demo-security" target="_blank" rel="noopener noreferrer">demo2018<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li> <li><a href="http://huhu_han.gitee.io/downgit/#/home?url=https://github.com/huhuhan/demo-all/tree/master/demo2020/auth-security" target="_blank" rel="noopener noreferrer">demo-starter<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li></ul> <p>由于maven父子依赖的关系，demo下载后，修改父类依赖，补充基础lombok依赖</p> <div class="language-xml line-numbers-mode"><pre class="language-xml"><code><span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>project</span><span class="token punctuation">&gt;</span></span>
    <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>parent</span><span class="token punctuation">&gt;</span></span>
        <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>groupId</span><span class="token punctuation">&gt;</span></span>org.springframework.boot<span class="token tag"><span class="token tag"><span class="token punctuation">&lt;/</span>groupId</span><span class="token punctuation">&gt;</span></span>
        <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>artifactId</span><span class="token punctuation">&gt;</span></span>spring-boot-starter-parent<span class="token tag"><span class="token tag"><span class="token punctuation">&lt;/</span>artifactId</span><span class="token punctuation">&gt;</span></span>
        <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>version</span><span class="token punctuation">&gt;</span></span>2.1.5.RELEASE<span class="token tag"><span class="token tag"><span class="token punctuation">&lt;/</span>version</span><span class="token punctuation">&gt;</span></span>
        <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>relativePath</span><span class="token punctuation">/&gt;</span></span> <span class="token comment">&lt;!-- lookup parent from repository --&gt;</span>
    <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;/</span>parent</span><span class="token punctuation">&gt;</span></span>
    
    <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>dependencies</span><span class="token punctuation">&gt;</span></span>
        <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>dependency</span><span class="token punctuation">&gt;</span></span>
            <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>groupId</span><span class="token punctuation">&gt;</span></span>org.projectlombok<span class="token tag"><span class="token tag"><span class="token punctuation">&lt;/</span>groupId</span><span class="token punctuation">&gt;</span></span>
            <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>artifactId</span><span class="token punctuation">&gt;</span></span>lombok<span class="token tag"><span class="token tag"><span class="token punctuation">&lt;/</span>artifactId</span><span class="token punctuation">&gt;</span></span>
            <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>version</span><span class="token punctuation">&gt;</span></span>1.18.10<span class="token tag"><span class="token tag"><span class="token punctuation">&lt;/</span>version</span><span class="token punctuation">&gt;</span></span>
        <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;/</span>dependency</span><span class="token punctuation">&gt;</span></span>
    <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;/</span>dependencies</span><span class="token punctuation">&gt;</span></span>
<span class="token tag"><span class="token tag"><span class="token punctuation">&lt;/</span>project</span><span class="token punctuation">&gt;</span></span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br></div></div><h2 id="总结"><a href="#总结" class="header-anchor">#</a> 总结</h2> <h3 id="认证"><a href="#认证" class="header-anchor">#</a> 认证</h3> <p>目标：<strong>得到认证对象，存储到Security的上下文对象中</strong></p> <blockquote><p><code>SecurityContextHolder</code>：上下文对象工具类，采用<strong>ThreadLocal</strong> 实现，保证获取当前用户的上下文对象。</p> <p><code>SecurityContext</code>：上下文对象，核心对象，封装很多当前用户信息对象</p></blockquote> <h4 id="认证过滤器"><a href="#认证过滤器" class="header-anchor">#</a> 认证过滤器</h4> <p>框架提供了以下几种：</p> <ul><li><strong>用户密码认证</strong>：<code>AbstractAuthenticationProcessingFilter</code>抽象类和<code>UsernamePasswordAuthenticationFilter</code>实现类</li> <li>匿名认证：<code>AnonymousAuthenticationFilter</code></li> <li>Basic认证：<code>BasicAuthenticationFilter</code></li> <li>Digest认证：<code>DigestAuthenticationFilter</code></li> <li>RememberMe认证：<code>RememberMeAuthenticationFilter</code></li> <li>Session认证：<code>SessionManagementFilter</code></li></ul> <blockquote><p>参考 GenericFilterBean类的子类XXAuthenticationFilter，自定义扩展认证过滤器，可以参考命名</p></blockquote> <h4 id="用户密码认证"><a href="#用户密码认证" class="header-anchor">#</a> 用户密码认证</h4> <blockquote><ul><li>认证对象：即<code>Authentication</code>接口，最终的封装对象，<code>isAuthenticated()</code>方法判断是否认证成功</li> <li>登录对象：即<code>UserDetails</code>接口，包含登录信息，用于登录验证</li> <li>认证管理器：即<code>AuthenticationManager</code>接口，默认实现类<code>ProviderManager</code></li> <li>认证程序：即<code>AuthenticationProvider</code>接口，常用实现类<code>DaoAuthenticationProvider</code>，其抽象父类<code>AbstractUserDetailsAuthenticationProvider</code></li></ul></blockquote> <p>大致步骤如下：</p> <ol><li>过滤器拦截（doFilter），先判断是否<strong>是需要认证的请求</strong>，再获取认证对象</li> <li>实现类则<strong>创建认证对象</strong>，用认证管理器认证</li> <li>默认实现类，遍历内部属性<strong>认证程序集合</strong>认证</li> <li>遍历认证，<strong>认证程序</strong>是否支持认证？认证？有一种能返回认证对象即可</li> <li>比如用户密码的认证程序？
<ol><li>从缓存获取登录对象</li> <li>根据<code>UserDetailsService</code>接口的<code>loadUserByUsername()</code><strong>获取登录对象</strong></li> <li>验证登录对象，根据接口的4个方法验证是否有效</li> <li><strong>创建认证对象</strong>，返回</li></ol></li> <li>存储在<code>SecurityContext</code>上下文对象中</li></ol> <h4 id="开发参考"><a href="#开发参考" class="header-anchor">#</a> 开发参考</h4> <p>通过以上步骤了解到，实际开发常见有以下几种方式：</p> <ul><li>自定义过滤器，继承<code>OncePerRequestFilter</code>抽象类，结果<code>Authentication</code>直接存储<code>SecurityContext</code>上下文对象中。<strong>适合扩展如<code>JWTAuthenticationFilter</code></strong></li> <li>自定义认证程序，实现<code>AuthenticationProvider</code>接口，重写<code>authenticate()</code>，返回<code>Authentication</code>。<strong>适合扩展如短信、验证码方式</strong></li> <li>自定义<code>UserDetailsService</code>实现类，重写<code>loadUserByUsername()</code>，可扩展<code>UserDetails</code>实体类，返回<code>UserDetails</code>对象。<strong>常规扩展，重写登录对象的获取方法</strong></li></ul> <h4 id="安全配置"><a href="#安全配置" class="header-anchor">#</a> 安全配置</h4> <div class="language-java line-numbers-mode"><pre class="language-java"><code><span class="token comment">// WebSecurity配置类</span>
<span class="token keyword">public</span> <span class="token keyword">class</span> <span class="token class-name">YHWebSecurityAutoConfiguration</span> <span class="token keyword">extends</span> <span class="token class-name">WebSecurityConfigurerAdapter</span> <span class="token punctuation">{</span>
    <span class="token comment">//....</span>
	<span class="token annotation punctuation">@Override</span>
    <span class="token keyword">protected</span> <span class="token keyword">void</span> <span class="token function">configure</span><span class="token punctuation">(</span><span class="token class-name">AuthenticationManagerBuilder</span> auth<span class="token punctuation">)</span> <span class="token keyword">throws</span> <span class="token class-name">Exception</span> <span class="token punctuation">{</span>
        <span class="token comment">//在内存中模拟一个用户</span>
        auth<span class="token punctuation">.</span><span class="token function">inMemoryAuthentication</span><span class="token punctuation">(</span><span class="token punctuation">)</span>
            <span class="token punctuation">.</span><span class="token function">passwordEncoder</span><span class="token punctuation">(</span><span class="token keyword">new</span> <span class="token class-name">CustomPwdEncoder</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span>
            <span class="token punctuation">.</span><span class="token function">withUser</span><span class="token punctuation">(</span><span class="token string">&quot;user&quot;</span><span class="token punctuation">)</span>
            <span class="token punctuation">.</span><span class="token function">password</span><span class="token punctuation">(</span><span class="token keyword">new</span> <span class="token class-name">CustomPwdEncoder</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">encode</span><span class="token punctuation">(</span><span class="token string">&quot;pwd&quot;</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">roles</span><span class="token punctuation">(</span><span class="token string">&quot;USER&quot;</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token comment">//加入自定义认证程序</span>
        auth<span class="token punctuation">.</span><span class="token function">authenticationProvider</span><span class="token punctuation">(</span>demoAuthenticationProvider<span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token comment">//加入DaoAuthenticationProvider，重写登录对象的获取方法</span>
        auth<span class="token punctuation">.</span><span class="token function">userDetailsService</span><span class="token punctuation">(</span>myUserDetailsManager<span class="token punctuation">)</span>
            <span class="token punctuation">.</span><span class="token function">passwordEncoder</span><span class="token punctuation">(</span><span class="token keyword">new</span> <span class="token class-name">BCryptPasswordEncoder</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
<span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br><span class="line-number">17</span><br></div></div><h3 id="鉴权"><a href="#鉴权" class="header-anchor">#</a> 鉴权</h3> <p>目标：<strong>请求URL通过鉴权可以访问</strong></p> <h4 id="鉴权过滤器"><a href="#鉴权过滤器" class="header-anchor">#</a> 鉴权过滤器</h4> <ul><li><code>FilterSecurityInterceptor</code>：默认顺序是所有安全过滤器中的最后一个</li> <li><code>MethodSecurityInterceptor</code>：适用于方法鉴权注解拦截</li></ul> <h4 id="默认过滤器"><a href="#默认过滤器" class="header-anchor">#</a> 默认过滤器</h4> <p><strong>FilterSecurityInterceptor</strong>过滤器大致步骤如下：</p> <blockquote><ul><li>过滤器链对象：即<code>FilterInvocation</code>类，spring的所有过滤器也是基于一个过滤器链去逐个doFilter</li> <li>访问决策管理器：即<code>AccessDecisionManager</code>接口，默认实现类<code>AffirmativeBased</code></li> <li>安全元数据对象：即<code>SecurityMetadataSource</code>接口，默认子接口<code>FilterInvocationSecurityMetadataSource</code>，默认实现类<code>DefaultFilterInvocationSecurityMetadataSource</code></li> <li>权限对象集合：即<code>Collection&lt;ConfigAttribute&gt; configAttributes</code></li> <li>投票决策：即<code>AccessDecisionVoter</code>接口，默认实现类<code>WebExpressionVoter</code></li></ul></blockquote> <ol><li><p>过滤器拦截（doFilter），<strong>请求封装成过滤器链对象</strong></p></li> <li><p>判断是否要触发前置后置验证，或直接验证过滤器链</p></li> <li><p>需要，则先触发<strong>前置验证</strong>，<s>过滤器链验证，再后置验证</s>，共3个步骤</p></li> <li><p>重点，前置方法中调用<strong>访问决策管理器</strong>验证是否可以访问</p> <ol><li>参数一：认证对象，上下文对象中取出，判断是否认证即<strong>isAuthenticated()</strong>，没有则用认证管理器认证</li> <li>参数二： 过滤器链对象，包括请求对象等信息</li> <li>参数三：权限对象集合，<strong>由安全元数据对象的getAttributes方法获取</strong>，默认取WebSecurity加载的配置</li></ol></li> <li><p>访问决策管理器默认实现AffirmativeBased，采用<strong>投票决策</strong>，根据结果判断是否报异常。</p></li></ol> <h4 id="开发参考-2"><a href="#开发参考-2" class="header-anchor">#</a> 开发参考</h4> <p>通过以上主要步骤得出，实际开发的几种实现方式：</p> <ul><li><p><strong>自定义访问决策对象</strong>，实现<code>AccessDecisionManager</code>接口</p></li> <li><p><strong>重写安全元数据对象</strong>，即实现<code>FilterInvocationSecurityMetadataSource</code>接口，重写<code>getAttributes()</code></p></li> <li><p>一般以上两种一起用，或者直接用默认实现，直接配置元数据</p></li> <li><p>自定义过滤器链，参考源码改</p></li></ul> <h4 id="安全配置-2"><a href="#安全配置-2" class="header-anchor">#</a> 安全配置</h4> <div class="language-java line-numbers-mode"><pre class="language-java"><code><span class="token comment">// WebSecurity配置类</span>
<span class="token keyword">public</span> <span class="token keyword">class</span> <span class="token class-name">YHWebSecurityAutoConfiguration</span> <span class="token keyword">extends</span> <span class="token class-name">WebSecurityConfigurerAdapter</span> <span class="token punctuation">{</span>
    <span class="token annotation punctuation">@Override</span>
    <span class="token keyword">protected</span> <span class="token keyword">void</span> <span class="token function">configure</span><span class="token punctuation">(</span><span class="token class-name">HttpSecurity</span> http<span class="token punctuation">)</span> <span class="token keyword">throws</span> <span class="token class-name">Exception</span> <span class="token punctuation">{</span>
        <span class="token comment">/** 重新指定，决策对象和权限元数据对象 */</span>
        http<span class="token punctuation">.</span><span class="token function">authorizeRequests</span><span class="token punctuation">(</span><span class="token punctuation">)</span>
                <span class="token punctuation">.</span><span class="token function">withObjectPostProcessor</span><span class="token punctuation">(</span><span class="token keyword">new</span> 		<span class="token class-name">ObjectPostProcessor</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">FilterSecurityInterceptor</span><span class="token punctuation">&gt;</span></span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
                    <span class="token annotation punctuation">@Override</span>
                    <span class="token keyword">public</span> <span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">O</span> <span class="token keyword">extends</span> <span class="token class-name">FilterSecurityInterceptor</span><span class="token punctuation">&gt;</span></span> <span class="token class-name">O</span> <span class="token function">postProcess</span><span class="token punctuation">(</span><span class="token class-name">O</span> object<span class="token punctuation">)</span> 					<span class="token punctuation">{</span>
                        object<span class="token punctuation">.</span><span class="token function">setSecurityMetadataSource</span><span class="token punctuation">(</span>mySecurityMetadataSource<span class="token punctuation">)</span><span class="token punctuation">;</span>
                        object<span class="token punctuation">.</span><span class="token function">setAccessDecisionManager</span><span class="token punctuation">(</span>myAccessDecisionManager<span class="token punctuation">)</span><span class="token punctuation">;</span>
                        <span class="token keyword">return</span> object<span class="token punctuation">;</span>
                    <span class="token punctuation">}</span>
                <span class="token punctuation">}</span><span class="token punctuation">)</span>
                <span class="token comment">//添加请求对应角色权限的</span>
                <span class="token punctuation">.</span><span class="token function">antMatchers</span><span class="token punctuation">(</span><span class="token string">&quot;/test-url&quot;</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">hasAnyRole</span><span class="token punctuation">(</span><span class="token string">&quot;ROLE_TEST&quot;</span><span class="token punctuation">)</span>
                <span class="token punctuation">.</span><span class="token function">anyRequest</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">authenticated</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>

        <span class="token comment">/** 添加自定义过滤器链，默认FilterSecurityInterceptor排序为最后个 */</span>
        <span class="token comment">//http.addFilterAt(MyFilterSecurityInterceptor.init(), FilterSecurityInterceptor.class);</span>
        
        <span class="token comment">/** 其他配置 */</span>
    <span class="token punctuation">}</span>
<span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br><span class="line-number">17</span><br><span class="line-number">18</span><br><span class="line-number">19</span><br><span class="line-number">20</span><br><span class="line-number">21</span><br><span class="line-number">22</span><br><span class="line-number">23</span><br><span class="line-number">24</span><br></div></div><table><thead><tr><th>表达式</th> <th>说明</th></tr></thead> <tbody><tr><td>permitAll</td> <td>永远返回true</td></tr> <tr><td>denyAll</td> <td>永远返回false</td></tr> <tr><td>anonymous</td> <td>当前用户是anonymous时返回true</td></tr> <tr><td>rememberMe</td> <td>当前用户是rememberMe用户时返回true</td></tr> <tr><td>authenticated</td> <td>当前用户不是anonymous时返回true</td></tr> <tr><td>fullAuthenticated</td> <td>当前用户既不是anonymous也不是rememberMe用户时返回true</td></tr> <tr><td>hasRole（role）</td> <td>用户拥有指定的角色权限时返回true</td></tr> <tr><td>hasAnyRole（[role1，role2]）</td> <td>用户拥有任意一个指定的角色权限时返回true</td></tr> <tr><td>hasAuthority（authority）</td> <td>用户拥有指定的权限时返回true</td></tr> <tr><td>hasAnyAuthority（[authority1,authority2]）</td> <td>用户拥有任意一个指定的权限时返回true</td></tr> <tr><td>hasIpAddress（'192.168.1.0'）</td> <td>请求发送的Ip匹配时返回true</td></tr></tbody></table> <h3 id="其他过滤器"><a href="#其他过滤器" class="header-anchor">#</a> 其他过滤器</h3> <p>上下文对象过滤器</p> <ul><li><p>过滤器：<strong>SecurityContextPersistenceFilter</strong></p></li> <li><p>上下文对象：SecurityContext</p></li> <li><p>作用：<strong>根据request获取HttpSession，再从HttpSession中获取上文下对象</strong>，每次请求后respose中带回Cookie，所以下次<strong>请求的Cookie中包含HttpSession信息</strong></p></li> <li><p>ps：原生security就是基于session来解析认证对象，来保证后续认证鉴权</p> <p><img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/pic/20210125180630.png" alt=""></p> <p><img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/pic/20210125180703.png" alt=""></p></li></ul> <p>匿名对象过滤器</p> <ul><li><p>过滤器：<strong>AnonymousAuthenticationFilter</strong></p></li> <li><p>作用：上下文对象中不存在认证对象，则封装一个<strong>AnonymousAuthenticationToken认证对象</strong></p> <p><img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/pic/20210125180105.png" alt=""></p></li></ul> <blockquote><p>jwt的扩展，其中一步就是自定义jwtToken的解析过滤器，请求头获取、解析，验证，最终存到上下文对象中</p> <p>详情，后续的spring cloud oauht2再分析（OAuth2AuthenticationProcessingFilter）</p></blockquote> <h3 id="异常处理"><a href="#异常处理" class="header-anchor">#</a> 异常处理</h3> <p><strong>访问异常处理</strong>分为以下几种：</p> <ul><li>未登录访问：异常<code>AccessDeniedException</code>，实现<code>AuthenticationEntryPoint</code>接口，重写<code>commence()</code>，默认实现<code>LoginUrlAuthenticationEntryPoint</code>跳转登录页</li> <li>已登录，但无权访问：异常<code>AuthenticationException</code>，实现<code>AccessDeniedHandler</code>接口，重写<code>handle()</code>，默认实现<code>AccessDeniedHandlerImpl</code>返回403</li></ul> <p><strong>登录、登出处理</strong>分为以下几种：</p> <ul><li>登录认证成功：实现<code>AuthenticationSuccessHandler</code>接口，重写<code>onAuthenticationSuccess()</code>，默认实现<code>SavedRequestAwareAuthenticationSuccessHandler</code>以及抽象父类</li> <li>登录认证失败：实现<code>AuthenticationFailureHandler</code>接口，重写<code>onAuthenticationFailure()</code>，默认实现<code>SimpleUrlAuthenticationFailureHandler</code>以及抽象父类</li> <li>成功登出处理：实现<code>LogoutSuccessHandler</code>接口， 重写<code>onLogoutSuccess()</code>，默认实现<code>SimpleUrlLogoutSuccessHandler</code></li></ul> <p><strong>并发Session</strong></p> <ul><li>基于<code>SessionManagementFilter</code>过滤器进行session认证，由<code>SessionAuthenticationStrategy</code>管理认证。</li> <li><a href="https://segmentfault.com/a/1190000015698347" target="_blank" rel="noopener noreferrer">参考<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li> <li>jwt认证不考虑，session、cookie认证需要考虑</li></ul> <h3 id="安全配置-3"><a href="#安全配置-3" class="header-anchor">#</a> 安全配置</h3> <div class="language-java line-numbers-mode"><pre class="language-java"><code><span class="token annotation punctuation">@EnableConfigurationProperties</span><span class="token punctuation">(</span><span class="token punctuation">{</span><span class="token class-name">YHSecurityProperties</span><span class="token punctuation">.</span><span class="token keyword">class</span><span class="token punctuation">}</span><span class="token punctuation">)</span>
<span class="token annotation punctuation">@ConditionalOnProperty</span><span class="token punctuation">(</span>
        prefix <span class="token operator">=</span> <span class="token string">&quot;yh.security&quot;</span><span class="token punctuation">,</span>
        value <span class="token operator">=</span> <span class="token string">&quot;enabled&quot;</span><span class="token punctuation">,</span>
        matchIfMissing <span class="token operator">=</span> <span class="token boolean">true</span>
<span class="token punctuation">)</span>
<span class="token comment">//@EnableWebSecurity</span>
<span class="token keyword">public</span> <span class="token keyword">class</span> <span class="token class-name">YHWebSecurityAutoConfiguration</span> <span class="token keyword">extends</span> <span class="token class-name">WebSecurityConfigurerAdapter</span> <span class="token punctuation">{</span>
    <span class="token annotation punctuation">@Autowired</span>
    <span class="token keyword">private</span> <span class="token class-name">DemoAuthenticationProvider</span> demoAuthenticationProvider<span class="token punctuation">;</span>
    <span class="token annotation punctuation">@Autowired</span>
    <span class="token keyword">private</span> <span class="token class-name">MyUserDetailsManager</span> myUserDetailsManager<span class="token punctuation">;</span>
    <span class="token annotation punctuation">@Autowired</span>
    <span class="token keyword">private</span> <span class="token class-name">MyAccessDeniedHandler</span> myAccessDeniedHandler<span class="token punctuation">;</span>
    <span class="token annotation punctuation">@Autowired</span>
    <span class="token keyword">private</span> <span class="token class-name">MyLoginUrlAuthenticationEntryPoint</span> macLoginUrlAuthenticationEntryPoint<span class="token punctuation">;</span>
    
    <span class="token comment">/** 配置读取 */</span>
    <span class="token annotation punctuation">@Autowired</span>
    <span class="token keyword">private</span>  <span class="token class-name">YHSecurityProperties</span> yhSecurityProperties<span class="token punctuation">;</span>

    <span class="token annotation punctuation">@Override</span>
    <span class="token keyword">public</span> <span class="token keyword">void</span> <span class="token function">init</span><span class="token punctuation">(</span><span class="token class-name">WebSecurity</span> web<span class="token punctuation">)</span> <span class="token keyword">throws</span> <span class="token class-name">Exception</span> <span class="token punctuation">{</span>
        <span class="token comment">//默认加载FilterSecurityInterceptor，点击父类方法查看</span>
        <span class="token keyword">super</span><span class="token punctuation">.</span><span class="token function">init</span><span class="token punctuation">(</span>web<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>

    <span class="token annotation punctuation">@Override</span>
    <span class="token keyword">protected</span> <span class="token keyword">void</span> <span class="token function">configure</span><span class="token punctuation">(</span><span class="token class-name">AuthenticationManagerBuilder</span> auth<span class="token punctuation">)</span> <span class="token keyword">throws</span> <span class="token class-name">Exception</span> <span class="token punctuation">{</span>
        <span class="token comment">//在内存中创建一个名为 &quot;user&quot; 的用户，密码为 &quot;pwd&quot;，拥有 &quot;USER&quot; 权限，密码使用自定义实现类CustomPwdEncoder加密</span>
        auth<span class="token punctuation">.</span><span class="token function">inMemoryAuthentication</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">passwordEncoder</span><span class="token punctuation">(</span><span class="token keyword">new</span> <span class="token class-name">CustomPwdEncoder</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span>
                <span class="token punctuation">.</span><span class="token function">withUser</span><span class="token punctuation">(</span><span class="token string">&quot;user&quot;</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">password</span><span class="token punctuation">(</span><span class="token keyword">new</span> <span class="token class-name">CustomPwdEncoder</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">encode</span><span class="token punctuation">(</span><span class="token string">&quot;pwd&quot;</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">roles</span><span class="token punctuation">(</span><span class="token string">&quot;USER&quot;</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token comment">//将自定义验证类注册进去</span>
        auth<span class="token punctuation">.</span><span class="token function">authenticationProvider</span><span class="token punctuation">(</span>demoAuthenticationProvider<span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token comment">//加入数据库验证类，下面的语句实际上在验证链中加入了一个DaoAuthenticationProvider</span>
        auth<span class="token punctuation">.</span><span class="token function">userDetailsService</span><span class="token punctuation">(</span>myUserDetailsManager<span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">passwordEncoder</span><span class="token punctuation">(</span><span class="token keyword">new</span> <span class="token class-name">BCryptPasswordEncoder</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>

    <span class="token annotation punctuation">@Override</span>
    <span class="token keyword">public</span> <span class="token keyword">void</span> <span class="token function">configure</span><span class="token punctuation">(</span><span class="token class-name">WebSecurity</span> web<span class="token punctuation">)</span> <span class="token keyword">throws</span> <span class="token class-name">Exception</span> <span class="token punctuation">{</span>
        <span class="token comment">//security 直接忽略的请求，一般配置静态文件</span>
        web<span class="token punctuation">.</span><span class="token function">ignoring</span><span class="token punctuation">(</span><span class="token punctuation">)</span>
                <span class="token comment">//框架默认的一些请求</span>
                <span class="token punctuation">.</span><span class="token function">antMatchers</span><span class="token punctuation">(</span><span class="token string">&quot;/error&quot;</span><span class="token punctuation">,</span> <span class="token string">&quot;/csrf&quot;</span><span class="token punctuation">,</span> <span class="token string">&quot;/*.ico&quot;</span><span class="token punctuation">)</span>
                <span class="token comment">//swagger页面的请求</span>
                <span class="token punctuation">.</span><span class="token function">antMatchers</span><span class="token punctuation">(</span><span class="token string">&quot;/swagger-ui.html&quot;</span><span class="token punctuation">,</span> <span class="token string">&quot;/swagger-resources/**&quot;</span><span class="token punctuation">,</span> <span class="token string">&quot;/v2/api-docs/**&quot;</span><span class="token punctuation">,</span> <span class="token string">&quot;/webjars/**&quot;</span><span class="token punctuation">)</span>
                <span class="token comment">//前端测试页面请求，本项目的测试模块在view包</span>
                <span class="token punctuation">.</span><span class="token function">antMatchers</span><span class="token punctuation">(</span><span class="token string">&quot;/&quot;</span><span class="token punctuation">,</span> <span class="token string">&quot;/index&quot;</span><span class="token punctuation">,</span> <span class="token string">&quot;/login_y&quot;</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>

    <span class="token annotation punctuation">@Override</span>
    <span class="token keyword">protected</span> <span class="token keyword">void</span> <span class="token function">configure</span><span class="token punctuation">(</span><span class="token class-name">HttpSecurity</span> http<span class="token punctuation">)</span> <span class="token keyword">throws</span> <span class="token class-name">Exception</span> <span class="token punctuation">{</span>
        <span class="token comment">/** 权限访问配置，默认FilterSecurityInterceptor */</span>
        http<span class="token punctuation">.</span><span class="token function">authorizeRequests</span><span class="token punctuation">(</span><span class="token punctuation">)</span>
                <span class="token punctuation">.</span><span class="token function">antMatchers</span><span class="token punctuation">(</span><span class="token string">&quot;/depart2&quot;</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">hasAnyRole</span><span class="token punctuation">(</span><span class="token string">&quot;ROLE_DEPART2&quot;</span><span class="token punctuation">)</span>
                <span class="token punctuation">.</span><span class="token function">anyRequest</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">authenticated</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token comment">/** 新增自己的过滤器链，默认FilterSecurityInterceptor排序为最后个 */</span>
        <span class="token comment">//http.addFilterAt(MyFilterSecurityInterceptor.init(), FilterSecurityInterceptor.class);</span>
        
        <span class="token comment">/** 新增其他过滤器 */</span>
        http<span class="token punctuation">.</span><span class="token function">addFilterBefore</span><span class="token punctuation">(</span><span class="token class-name">RefererCsrfFilter</span><span class="token punctuation">.</span><span class="token function">init</span><span class="token punctuation">(</span>yhSecurityProperties<span class="token punctuation">)</span><span class="token punctuation">,</span> <span class="token class-name">CsrfFilter</span><span class="token punctuation">.</span><span class="token keyword">class</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        
        <span class="token comment">/** 登录页配置 */</span>
        http<span class="token punctuation">.</span><span class="token function">formLogin</span><span class="token punctuation">(</span><span class="token punctuation">)</span>
                <span class="token comment">//自己的登录页面</span>
                <span class="token punctuation">.</span><span class="token function">loginPage</span><span class="token punctuation">(</span><span class="token string">&quot;/login_h&quot;</span><span class="token punctuation">)</span>
                <span class="token punctuation">.</span><span class="token function">loginProcessingUrl</span><span class="token punctuation">(</span><span class="token string">&quot;/login&quot;</span><span class="token punctuation">)</span>
                <span class="token punctuation">.</span><span class="token function">usernameParameter</span><span class="token punctuation">(</span><span class="token string">&quot;myUserName&quot;</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">passwordParameter</span><span class="token punctuation">(</span><span class="token string">&quot;myPassword&quot;</span><span class="token punctuation">)</span>
                <span class="token comment">//以上登录地址也属于可访问</span>
                <span class="token punctuation">.</span><span class="token function">permitAll</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token comment">/** 登出页配置 */</span>
        http<span class="token punctuation">.</span><span class="token function">logout</span><span class="token punctuation">(</span><span class="token punctuation">)</span>
                <span class="token punctuation">.</span><span class="token function">logoutSuccessUrl</span><span class="token punctuation">(</span><span class="token string">&quot;/login_h&quot;</span><span class="token punctuation">)</span>
                <span class="token comment">//适合前后端分离配置</span>
<span class="token comment">//                .logoutSuccessHandler(new MyLogoutSuccessHandler())</span>
                <span class="token punctuation">.</span><span class="token function">permitAll</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token comment">/** 异常处理 */</span>
        http<span class="token punctuation">.</span><span class="token function">exceptionHandling</span><span class="token punctuation">(</span><span class="token punctuation">)</span>
                <span class="token comment">//未登录无权访问异常处理</span>
                <span class="token punctuation">.</span><span class="token function">authenticationEntryPoint</span><span class="token punctuation">(</span>macLoginUrlAuthenticationEntryPoint<span class="token punctuation">)</span>
                <span class="token comment">//已登录无权访问异常处理</span>
                <span class="token punctuation">.</span><span class="token function">accessDeniedHandler</span><span class="token punctuation">(</span>myAccessDeniedHandler<span class="token punctuation">)</span>
                <span class="token comment">//无效访问跳转的页面</span>
<span class="token comment">//                .accessDeniedPage(&quot;&quot;)</span>
                <span class="token punctuation">;</span>
        <span class="token comment">/** 其他配置 */</span>
        http<span class="token punctuation">.</span><span class="token function">csrf</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">disable</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
<span class="token punctuation">}</span>

</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br><span class="line-number">17</span><br><span class="line-number">18</span><br><span class="line-number">19</span><br><span class="line-number">20</span><br><span class="line-number">21</span><br><span class="line-number">22</span><br><span class="line-number">23</span><br><span class="line-number">24</span><br><span class="line-number">25</span><br><span class="line-number">26</span><br><span class="line-number">27</span><br><span class="line-number">28</span><br><span class="line-number">29</span><br><span class="line-number">30</span><br><span class="line-number">31</span><br><span class="line-number">32</span><br><span class="line-number">33</span><br><span class="line-number">34</span><br><span class="line-number">35</span><br><span class="line-number">36</span><br><span class="line-number">37</span><br><span class="line-number">38</span><br><span class="line-number">39</span><br><span class="line-number">40</span><br><span class="line-number">41</span><br><span class="line-number">42</span><br><span class="line-number">43</span><br><span class="line-number">44</span><br><span class="line-number">45</span><br><span class="line-number">46</span><br><span class="line-number">47</span><br><span class="line-number">48</span><br><span class="line-number">49</span><br><span class="line-number">50</span><br><span class="line-number">51</span><br><span class="line-number">52</span><br><span class="line-number">53</span><br><span class="line-number">54</span><br><span class="line-number">55</span><br><span class="line-number">56</span><br><span class="line-number">57</span><br><span class="line-number">58</span><br><span class="line-number">59</span><br><span class="line-number">60</span><br><span class="line-number">61</span><br><span class="line-number">62</span><br><span class="line-number">63</span><br><span class="line-number">64</span><br><span class="line-number">65</span><br><span class="line-number">66</span><br><span class="line-number">67</span><br><span class="line-number">68</span><br><span class="line-number">69</span><br><span class="line-number">70</span><br><span class="line-number">71</span><br><span class="line-number">72</span><br><span class="line-number">73</span><br><span class="line-number">74</span><br><span class="line-number">75</span><br><span class="line-number">76</span><br><span class="line-number">77</span><br><span class="line-number">78</span><br><span class="line-number">79</span><br><span class="line-number">80</span><br><span class="line-number">81</span><br><span class="line-number">82</span><br><span class="line-number">83</span><br><span class="line-number">84</span><br><span class="line-number">85</span><br><span class="line-number">86</span><br><span class="line-number">87</span><br><span class="line-number">88</span><br><span class="line-number">89</span><br><span class="line-number">90</span><br></div></div><h3 id="扩展"><a href="#扩展" class="header-anchor">#</a> 扩展</h3> <ul><li><p>自定义登录接口（手动调用登录验证），在接口中补发token</p> <div class="language-java line-numbers-mode"><pre class="language-java"><code>    <span class="token keyword">public</span> <span class="token keyword">static</span> <span class="token class-name">Authentication</span> <span class="token function">login</span><span class="token punctuation">(</span><span class="token class-name">HttpServletRequest</span> request<span class="token punctuation">,</span> <span class="token class-name">String</span> userName<span class="token punctuation">,</span> <span class="token class-name">String</span> pwd<span class="token punctuation">,</span> <span class="token keyword">boolean</span> isIgnorePwd<span class="token punctuation">)</span> <span class="token punctuation">{</span>
        <span class="token class-name">AuthenticationManager</span> authenticationManager <span class="token operator">=</span> <span class="token class-name">MySpringUtils</span><span class="token punctuation">.</span><span class="token function">getBean</span><span class="token punctuation">(</span><span class="token string">&quot;authenticationManager&quot;</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token class-name">CustomPwdEncoder</span><span class="token punctuation">.</span><span class="token function">setIgnore</span><span class="token punctuation">(</span>isIgnorePwd<span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token class-name">UsernamePasswordAuthenticationToken</span> authRequest <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">UsernamePasswordAuthenticationToken</span><span class="token punctuation">(</span>userName<span class="token punctuation">,</span> pwd<span class="token punctuation">)</span><span class="token punctuation">;</span>
        authRequest<span class="token punctuation">.</span><span class="token function">setDetails</span><span class="token punctuation">(</span><span class="token keyword">new</span> <span class="token class-name">WebAuthenticationDetails</span><span class="token punctuation">(</span>request<span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token class-name">SecurityContext</span> securityContext <span class="token operator">=</span> <span class="token class-name">SecurityContextHolder</span><span class="token punctuation">.</span><span class="token function">getContext</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token class-name">Authentication</span> auth <span class="token operator">=</span> authenticationManager<span class="token punctuation">.</span><span class="token function">authenticate</span><span class="token punctuation">(</span>authRequest<span class="token punctuation">)</span><span class="token punctuation">;</span>
        securityContext<span class="token punctuation">.</span><span class="token function">setAuthentication</span><span class="token punctuation">(</span>auth<span class="token punctuation">)</span><span class="token punctuation">;</span>
        <span class="token keyword">return</span> auth<span class="token punctuation">;</span>
    <span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br></div></div></li></ul> <h2 id="源码"><a href="#源码" class="header-anchor">#</a> 源码</h2> <h3 id="认证对象"><a href="#认证对象" class="header-anchor">#</a> 认证对象</h3> <p>即<code>Authentication</code>接口，源码如下<img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/spring%20security/1-1.png" alt=""></p> <p>接口实现类有以下几种，如图，比较常见的有<img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/spring%20security/1-2.png" alt=""></p> <ul><li><p><code>AnonymousAuthenticationToken</code>：过滤器<code>AnonymousAuthenticationFilter</code>中使用</p></li> <li><p><code>UsernamePasswordAuthenticationToken</code>：最常用的用户密码类型身份认证对象</p></li> <li><p>其他Token适用于其他安全过滤器</p></li></ul> <h3 id="认证过滤器-2"><a href="#认证过滤器-2" class="header-anchor">#</a> 认证过滤器</h3> <ul><li><p>用户密码认证过滤器，即<code>AbstractAuthenticationProcessingFilter</code>抽象类，源码如下</p> <p><img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/spring%20security/2-1.png" alt=""></p> <p><code>UsernamePasswordAuthenticationFilter</code>实现类，源码如下</p> <p><img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/spring%20security/2-2.png" alt=""></p></li> <li><p>匿名认证过滤器，即<code>AnonymousAuthenticationFilter</code>，没有登陆所以会创建一个匿名身份认证对象，用于后续鉴权所用。</p> <p><img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/spring%20security/2-3.png" alt=""></p> <p><img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/spring%20security/2-4.png" alt=""></p></li> <li><p>Basic认证过滤器，即<code>BasicAuthenticationFilter</code></p> <p><img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/spring%20security/2-5.png" alt=""></p></li> <li><p>RememberMe认证过滤器，即<code>RememberMeAuthenticationFilter</code></p> <p><img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/spring%20security/2-6.png" alt=""></p></li></ul> <h3 id="认证管理器"><a href="#认证管理器" class="header-anchor">#</a> 认证管理器</h3> <p>即<code>ProviderManager</code>认证调用对象，实现接口<code>AuthenticationManager</code>，方法为<code>authenticate()</code>，源码如下<img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/spring%20security/3-1.png" alt=""></p> <h3 id="认证程序"><a href="#认证程序" class="header-anchor">#</a> 认证程序</h3> <p>即<code>AuthenticationProvider</code>接口，以及实现类，源码如下<img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/spring%20security/4-1.png" alt=""></p> <ul><li><p><code>DaoAuthenticationProvider</code>：其抽象父类<code>AbstractUserDetailsAuthenticationProvider</code>的认证方法</p> <p><img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/spring%20security/4-2.png" alt=""></p> <p>该类的<code>retrieveUser</code>方法和<code>getUserDetailsService</code>方法</p> <p><img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/spring%20security/4-3.png" alt=""></p> <p>最后的<code>UserDetailsService</code>接口，框架提供的实现类，如下</p> <p><img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/spring%20security/4-4.png" alt=""></p></li> <li><p><code>RememberMeAuthenticationProvider</code>: 比较简单，<code>supports()</code>通过直接返回当前authentication对象</p></li></ul> <h3 id="鉴权过滤器-2"><a href="#鉴权过滤器-2" class="header-anchor">#</a> 鉴权过滤器</h3> <p>即默认<code>FilterSecurityInterceptor</code>，源码如下</p> <ul><li><p>触发前置验证</p> <p><img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/spring%20security/5-1.png" alt=""></p> <p><img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/spring%20security/5-2.png" alt=""></p> <blockquote><p>其中权限对象集合：即<code>Collection&lt;ConfigAttribute&gt; configAttributes</code>，其默认实现</p> <div class="language-java line-numbers-mode"><pre class="language-java"><code><span class="token keyword">class</span> <span class="token class-name">WebExpressionConfigAttribute</span> <span class="token keyword">implements</span> <span class="token class-name">ConfigAttribute</span><span class="token punctuation">{</span>
    <span class="token comment">// 封装的权限表达对象，接口</span>
 	<span class="token keyword">private</span> <span class="token keyword">final</span> <span class="token class-name">Expression</span> authorizeExpression<span class="token punctuation">;</span>
    <span class="token comment">//...</span>
<span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br></div></div><div class="language-java line-numbers-mode"><pre class="language-java"><code><span class="token keyword">public</span> <span class="token keyword">class</span> <span class="token class-name">SpelExpression</span> <span class="token keyword">implements</span> <span class="token class-name">Expression</span><span class="token punctuation">{</span>
    <span class="token comment">// Spring的表达式，即SpEL， 抽象类</span>
    <span class="token keyword">private</span> <span class="token keyword">final</span> <span class="token class-name">SpelNodeImpl</span> ast<span class="token punctuation">;</span>
    <span class="token comment">//...</span>
<span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br></div></div></blockquote></li> <li><p>默认实现，访问决策对象<strong>AffirmativeBased</strong></p> <p><img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/spring%20security/5-4.png" alt=""></p> <blockquote><p>其中红框的投票接口AccessDecisionVoter</p></blockquote></li> <li><p>默认实现，投票方式<strong>WebExpressionVoter</strong></p> <p><img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/pic/20210122145122.png" alt=""></p> <p><img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/pic/20210122145251.png" alt=""></p></li> <li><p>默认实现，Spring的表达式<strong>SpelExpression</strong></p> <p><img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/pic/20210122145429.png" alt=""></p> <p><img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/pic/20210122150526.png" alt=""></p> <ul><li><p>比如安全配置的方法鉴权</p> <div class="language-java line-numbers-mode"><pre class="language-java"><code>http<span class="token punctuation">.</span><span class="token function">authorizeRequests</span><span class="token punctuation">(</span><span class="token punctuation">)</span>
    <span class="token comment">// 不用加ROLE_前缀，源码内部判断自动拼接</span>
    <span class="token punctuation">.</span><span class="token function">antMatchers</span><span class="token punctuation">(</span><span class="token string">&quot;/test-a&quot;</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">hasAnyRole</span><span class="token punctuation">(</span><span class="token string">&quot;USER&quot;</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br></div></div><div class="language-java line-numbers-mode"><pre class="language-java"><code><span class="token keyword">public</span> <span class="token keyword">class</span> <span class="token class-name">MethodReference</span> <span class="token keyword">extends</span> <span class="token class-name">SpelNodeImpl</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p><img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/pic/20210122150620.png" alt=""></p> <p><img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/pic/20210122151156.png" alt=""></p> <p><strong>重点</strong>，鉴权抽象类<strong>SecurityExpressionRoot</strong></p> <p><img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/pic/20210122151834.png" alt=""></p></li> <li><p>再比如安全配置的认证鉴权</p> <div class="language-java line-numbers-mode"><pre class="language-java"><code>http<span class="token punctuation">.</span><span class="token function">authorizeRequests</span><span class="token punctuation">(</span><span class="token punctuation">)</span>
    <span class="token comment">// 其他任何请求只要认证过就可访问</span>
    <span class="token punctuation">.</span><span class="token function">anyRequest</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">authenticated</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br></div></div><div class="language-java line-numbers-mode"><pre class="language-java"><code><span class="token keyword">public</span> <span class="token keyword">class</span> <span class="token class-name">PropertyOrFieldReference</span> <span class="token keyword">extends</span> <span class="token class-name">SpelNodeImpl</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br></div></div><p>同样，最终的判断都在鉴权抽象类<strong>SecurityExpressionRoot</strong></p> <p><img src="https://fastly.jsdelivr.net/gh/huhuhan/img@master/md/pic/20210122153129.png" alt=""></p></li></ul></li></ul> <blockquote><p>访问决策接口，实现类如下，其内部的都是基于Voter投票接口去实现判断</p> <ul><li><p><code>AffirmativeBased</code>只要有一种投票就成功</p></li> <li><p><code>ConsensusBased</code>（少数服从多数）</p> <p>通过的票数大于反对的票数则判为通过;通过的票数小于反对的票数则判为不通过;通过的票数和反对的票数相等，则可根据配置<code>allowIfEqualGrantedDeniedDecisions</code>（默认为true）进行判断是否通过。</p></li> <li><p><code>UnanimousBased</code>（反对票优先）</p></li></ul></blockquote></div> <footer class="page-edit" style="display:none;"><!----> <div class="last-updated"><span class="prefix">Last Updated: </span> <span class="time">2022/5/27 上午11:15:53</span></div></footer> <!----> <!----></main> <!----></div></div></div></div><div class="global-ui"><div class="back-to-ceiling" style="right:1rem;bottom:6rem;width:2.5rem;height:2.5rem;border-radius:.25rem;line-height:2.5rem;display:none;" data-v-c6073ba8 data-v-c6073ba8><svg t="1574745035067" viewBox="0 0 1024 1024" version="1.1" xmlns="http://www.w3.org/2000/svg" p-id="5404" class="icon" data-v-c6073ba8><path d="M526.60727968 10.90185116a27.675 27.675 0 0 0-29.21455937 0c-131.36607665 82.28402758-218.69155461 228.01873535-218.69155402 394.07834331a462.20625001 462.20625001 0 0 0 5.36959153 69.94390903c1.00431239 6.55289093-0.34802892 13.13561351-3.76865779 18.80351572-32.63518765 54.11355614-51.75690182 118.55860487-51.7569018 187.94566865a371.06718723 371.06718723 0 0 0 11.50484808 91.98906777c6.53300375 25.50556257 41.68394495 28.14064038 52.69160883 4.22606766 17.37162448-37.73630017 42.14135425-72.50938081 72.80769204-103.21549295 2.18761121 3.04276886 4.15646224 6.24463696 6.40373557 9.22774369a1871.4375 1871.4375 0 0 0 140.04691725 5.34970492 1866.36093723 1866.36093723 0 0 0 140.04691723-5.34970492c2.24727335-2.98310674 4.21612437-6.18497483 6.3937923-9.2178004 30.66633723 30.70611158 55.4360664 65.4791928 72.80769147 103.21549355 11.00766384 23.91457269 46.15860503 21.27949489 52.69160879-4.22606768a371.15156223 371.15156223 0 0 0 11.514792-91.99901164c0-69.36717486-19.13165746-133.82216804-51.75690182-187.92578088-3.42062944-5.66790279-4.76302748-12.26056868-3.76865837-18.80351632a462.20625001 462.20625001 0 0 0 5.36959269-69.943909c-0.00994388-166.08943902-87.32547796-311.81420293-218.6915546-394.09823051zM605.93803103 357.87693858a93.93749974 93.93749974 0 1 1-187.89594924 6.1e-7 93.93749974 93.93749974 0 0 1 187.89594924-6.1e-7z" p-id="5405" data-v-c6073ba8></path><path d="M429.50777625 765.63860547C429.50777625 803.39355007 466.44236686 1000.39046097 512.00932183 1000.39046097c45.56695499 0 82.4922232-197.00623328 82.5015456-234.7518555 0-37.75494459-36.9345906-68.35043303-82.4922232-68.34111062-45.57627738-0.00932239-82.52019037 30.59548842-82.51086798 68.34111062z" p-id="5406" data-v-c6073ba8></path></svg></div></div></div>
    <script src="/blog/assets/js/app.0c46c7d8.js" defer></script><script src="/blog/assets/js/3.5679fe00.js" defer></script><script src="/blog/assets/js/1.8cdd2163.js" defer></script><script src="/blog/assets/js/75.5d297adc.js" defer></script>
  </body>
</html>
